See for example the REJECT target. It does exacly what you are looking for.
Regards Henrik Nordström On Wednesday 20 February 2002 18:55, Titus D. Winters wrote: > I have an odd sort of question: How would I go about writing an > extension that would cause nf to send a response packet > (constructed by the extension, of course) to input that Linux > normally wouldn't? (For example, sending a response to a FIN probe > of an open TCP port.) Would mangling the incoming packet (swapping > ip.src and ip.dst) work? Can I even perform a mangle in > prerouting? (I just tried to write an extension that swapped > ip.src and ip.dst but "iptables -t mangle -A PREROUTING -j" and any > target seems to return "Invalid Argument") > > Thanks > -Titus Winters
